Scenario:
You installed as OS user 'root' and are using SSH port 22. Now you want to change this to:
SSH port = 2222
OS user = johan
Requirements
- The OS user must be able to ssh without passwords to the other nodes.
- The OS user must be allowed to do sudo (be a sudoers)
Change ssh port
On each server, including the cluster control server do:
EDIT /etc/ssh/sshd_config
locate and change
# Port 22
to
Port 2222
Save and exit and do:
service sshd restart
Note:
You cannot disable root login (PermitRootLogin=no in SSH configuration) if the osuser/ssh_user/os_user defined in /etc/cmon.cnf is root. This will break the communication between ClusterControl node and the DB cluster.
Changes on the CMON controller
On the controller, do the following, replacing <password> with the actual password for the osuser.
mysql -ucmon -p -h127.0.0.1
use cmon
UPDATE cmon.cmon_configuration SET value='echo <password> | sudo -S' WHERE cid=1 AND param='SUDO';
# don't forget to update the staging dir (can also be done from the web interface)
# to a directory writeable by the new 'osuser' (replace osuser with your actual setting)
UPDATE cmon.cmon_configuration SET value='/home/osuser/s9s_tmp/' WHERE cid=1 AND param='STAGING_DIR';
EDIT /etc/cmon.cnf (on the controller only). Make sure the following is set, and that it is only set once in the /etc/cmon.cnf. Update existing values instead of adding new ones:
osuser=johan
ssh_opts=-nqtt
ssh_port=2222
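The "set only once" requirement above can be checked before CMON is restarted. The script below is an added example, not part of ClusterControl; it assumes /etc/cmon.cnf consists of plain key=value lines with # comments, and the function names check_cmon_key and verify_cmon_cnf are hypothetical.

```shell
#!/bin/sh
# Added example, not ClusterControl code. Checks a cmon.cnf-style file for the
# three settings above: each must appear exactly once with the expected value.
# Assumption: the file uses plain key=value lines and '#' comment lines.

# check_cmon_key FILE KEY EXPECTED
# Exit status: 0 ok, 1 key missing, 2 key set more than once, 3 wrong value.
check_cmon_key() {
    awk -v key="$2" -v want="$3" '
        /^[ \t]*#/ { next }                    # ignore comment lines
        {
            pos = index($0, "=")
            if (pos == 0) next                 # not a key=value line
            k = substr($0, 1, pos - 1)
            v = substr($0, pos + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)     # trim whitespace around key
            gsub(/^[ \t]+|[ \t]+$/, "", v)     # trim whitespace around value
            if (k == key) { n++; val = v }
        }
        END {
            if (n == 0) exit 1
            if (n > 1)  exit 2
            if (val != want) exit 3
        }' "$1"
}

# verify_cmon_cnf FILE OSUSER SSH_PORT
# Reports every problem found; returns non-zero if any setting is wrong.
verify_cmon_cnf() {
    bad=0
    for pair in "osuser=$2" "ssh_opts=-nqtt" "ssh_port=$3"; do
        key=${pair%%=*} want=${pair#*=} rc=0
        check_cmon_key "$1" "$key" "$want" || rc=$?
        case $rc in
            0) ;;
            1) echo "$key: not set"; bad=1 ;;
            2) echo "$key: set more than once"; bad=1 ;;
            3) echo "$key: expected '$want'"; bad=1 ;;
        esac
    done
    return "$bad"
}

# Usage: sh check_cmon_cnf.sh /etc/cmon.cnf johan 2222
if [ "$#" -eq 3 ]; then
    verify_cmon_cnf "$@"
fi
```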
Verify SSH Connections
Test your new SSH user's ssh connections from the Controller host.
# from the controller node
ssh <new user>@127.0.0.1 # <- must also work because of how we handle some CMON jobs
ssh <new user>@<db nodes>
ssh <new user>@<db nodes> "sudo ls"
Restart CMON Process
Lastly, restart the Controller/CMON process to make the changes take effect.
service cmon restart